CVE-2008-1270 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1270
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1270

Description: mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41173 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SAID Secunia Advisory: SA29318 Secunia Advisory: SA29403 Secunia Advisory: SA29636 Secunia Advisory: SA29622 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 GENTOO http://security.gentoo.org/glsa/glsa-200804-08.xml DEBIAN http://www.debian.org/security/2008/dsa-1521 CONFIRM http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany http://trac.lighttpd.net/trac/ticket/1587 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489465/100/0/threaded BID 28226

Return to the previous page.